How can I determine whether a particular endpoint supports TLS Compression and is therefore vulnerable to the CRIME attack?
I can't see an appropriate parameter in the API.
ssllabs-scan/ssllabs-api-docs.md at stable · ssllabs/ssllabs-scan · GitHub
compressionMethods - integer value that describes supported compression methods
bit 0 is set for DEFLATE
Well, possibly, but that is directly on the endpoint, not on the protocol, and doesn't refer to either TLS or CRIME. I took that value to refer to whether the server was using HTTP compression, as I was expecting either a property with a name like vulnCrime on the endpoint, like there is for BEAST, poodle, freak, logjam and openSslCcs/CVE-2014-0224, or a property on the protocol itself with a name like tlsCompression. However, on reflection I think you are probably right and this is indeed the SSL/TLS flag.
Please can someone from Qualys confirm and perhaps update the API document to make it more obvious?
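An added example, not part of the thread and not Qualys code: reading the `compressionMethods` bit field from a saved assessment result, on the reading the thread settles on (bit 0 set means the endpoint offers TLS-level DEFLATE, the precondition for CRIME). The JSON layout (`endpoints[].details.compressionMethods`) is an assumption based on the API document linked above, and the report itself is constructed sample data.

```python
import json

DEFLATE_BIT = 0x01  # bit 0 of compressionMethods, per the API doc quoted in the thread

# Constructed sample shaped like an SSL Labs assessment result (assumed layout:
# endpoints[].details.compressionMethods). Addresses are documentation IPs.
SAMPLE_REPORT = json.loads("""
{
  "host": "example.test",
  "status": "READY",
  "endpoints": [
    {"ipAddress": "192.0.2.10", "statusMessage": "Ready",
     "details": {"compressionMethods": 1}},
    {"ipAddress": "192.0.2.11", "statusMessage": "Ready",
     "details": {"compressionMethods": 0}},
    {"ipAddress": "192.0.2.12", "statusMessage": "Unable to connect to the server"}
  ]
}
""")


def tls_compression_status(report):
    """Map each endpoint IP to 'deflate', 'none' or 'unknown'."""
    results = {}
    for endpoint in report.get("endpoints", []):
        ip = endpoint.get("ipAddress", "?")
        methods = (endpoint.get("details") or {}).get("compressionMethods")
        if not isinstance(methods, int) or isinstance(methods, bool):
            # No details (failed or unfinished assessment): never report as safe.
            results[ip] = "unknown"
        elif methods & DEFLATE_BIT:
            results[ip] = "deflate"
        else:
            results[ip] = "none"
    return results


def crime_exposed(report):
    """Endpoints offering DEFLATE, i.e. those needing TLS compression disabled."""
    statuses = tls_compression_status(report)
    return sorted(ip for ip, status in statuses.items() if status == "deflate")


if __name__ == "__main__":
    for ip, status in tls_compression_status(SAMPLE_REPORT).items():
        print(f"{ip}: TLS compression = {status}")
```

Endpoints reported as `unknown` have no usable details and should be re-assessed rather than treated as unaffected.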